Customizations: PHP-Nuke: Securing, page 3/5
.htaccess
A great deal can be done with this file. I will not go through all of those possibilities here, as tutorials on the subject abound on the web.
After NSN Sentinel is installed, your .htaccess file already contains a few lines of code.
I suggest adding some more to further improve your site's security, even though some of these lines may duplicate what NSN Sentinel already does.
Here is the code to add:
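Code:
# Apache 2.4 rejects "Options All -Indexes" (bare and +/- options cannot be mixed); use "Options -Indexes" there
Options All -Indexes
DirectoryIndex index.php index.html index.htm
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">
deny from all
</FilesMatch>
# Deny read/write access to the index, config and admin files
# (the index.php and admin.php blocks answer every HTTP request for those files with 403, visitors included)
<Files ~ "index\.php$">
deny from all
</Files>
<Files ~ "admin\.php$">
deny from all
</Files>
<Files ~ "config\.php$">
deny from all
</Files>
# Protect .htaccess / .htpasswd files
<Files ~ "^\.ht">
Order Allow,Deny
deny from all
Satisfy All
</Files>
<Limit GET PUT POST>
Order Allow,Deny
Allow from all
</Limit>
# The rewrite rules below need the rewrite engine switched on
RewriteEngine On
# Redirect the bare domain to the www host (replace TON_SITE.com with your own domain)
RewriteCond %{HTTP_HOST} ^TON_SITE\.com$ [NC]
RewriteRule ^(.*)$ http://www.TON_SITE.com/$1 [R=301,L]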
# The two Referer conditions below carry no [OR], so they are ANDed with the whole
# [OR] list that follows: the rule only fires for requests sent with an external Referer
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?TON_SITE\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} q=Guestbook [NC,OR]
# Spaces inside a pattern must be escaped with a backslash
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GornKer [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^Irvine [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^omniexplorer_bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} dloader(NaverRobot) [OR]
#RewriteCond %{HTTP_USER_AGENT} ^puf [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SearchExpress [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebBandit [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]
RewriteCond %{HTTP_USER_AGENT} ^ZyBorg
# Answer any request matched above with 403 Forbidden
RewriteRule ^.* - [F,L]
# Check for AWStats exploits and redirect them to a phantom site
RewriteCond %{QUERY_STRING} ^(.*)configdir(.*) [NC,OR]
# A host that tries to hide behind a reverse DNS lookup
RewriteCond %{REMOTE_HOST} ^private$ [NC,OR]
# Web monitoring sites (may require ipchains)
RewriteCond %{HTTP_USER_AGENT} traffixer|netfactual|netcraft [NC,OR]
# A fake referrer that is often used
RewriteCond %{HTTP_REFERER} ^[^?]*iaea\.org [NC,OR]
# The "addresses.com" referrer is used by an email address extractor
RewriteCond %{HTTP_REFERER} ^[^?]*addresses\.com [NC,OR]
# A fake referrer used in conjunction with formmail exploits
RewriteCond %{HTTP_REFERER} ^[^?]*\.ideography\.co\.uk [NC]
RewriteRule .*$ http://www.internet.org [R,L]
# Block browsers that disguise themselves with random letters and digits
RewriteCond %{HTTP_USER_AGENT} [0-9A-Za-z]{15,} [OR]
RewriteCond %{HTTP_USER_AGENT} ^[0-9A-Za-z]+$
# Refuse the request with 403, as for the user-agent list above
RewriteRule ^.* - [F,L]
To verify that the blocking is effective, go to the WannaBrowser site. It lets you test the effectiveness of your .htaccess by simulating visits from the various bad agents.
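The chain can also be checked offline before deployment. The Python code below is an added example, not part of the original tutorial: it parses `RewriteCond` lines, rejects patterns containing an unescaped space, and evaluates mod_rewrite's AND/[OR] chaining against constructed requests. The rule excerpt, the sample requests and the function names are assumptions made for illustration.

```python
import re

# Constructed excerpt in the style of the list above (not the full rule set).
BOT_RULES = r"""
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ZyBorg
RewriteRule ^.* - [F,L]
"""
# Same chain with a non-OR Referer condition in front, as in the code above.
REFERER_RULES = "RewriteCond %{HTTP_REFERER} !^$\n" + BOT_RULES.lstrip()

def parse_conds(text):
    """Return (variable, negate, regex, or_next) for each RewriteCond line."""
    conds = []
    for line in map(str.strip, text.splitlines()):
        if not line.startswith("RewriteCond"):
            continue
        # mod_rewrite splits arguments on whitespace unless it is backslash-escaped.
        parts = re.split(r"(?<!\\)\s+", line)
        if len(parts) not in (3, 4) or (len(parts) == 4 and parts[3][0] != "["):
            raise ValueError("unescaped space in pattern: " + line)
        flags = parts[3].strip("[]").split(",") if len(parts) == 4 else []
        negate = parts[2].startswith("!")
        regex = re.compile(parts[2][1:] if negate else parts[2],
                           re.I if "NC" in flags else 0)
        conds.append((parts[1][2:-1], negate, regex, "OR" in flags))
    return conds

def rule_fires(conds, request):
    """Conditions are ANDed; a run joined by [OR] counts as one alternative group."""
    group_hit = False
    for var, negate, regex, or_next in conds:
        hit = (regex.search(request.get(var, "")) is not None) != negate
        group_hit = group_hit or hit
        if not or_next:  # end of a group: at least one member must have matched
            if not group_hit:
                return False
            group_hit = False
    return True

if __name__ == "__main__":
    # Constructed request: a listed download agent that sends no Referer header.
    bot = {"HTTP_USER_AGENT": "Download Demon/3.5", "HTTP_REFERER": ""}
    print("UA-only chain blocks it:", rule_fires(parse_conds(BOT_RULES), bot))
    print("with Referer !^$ first: ", rule_fires(parse_conds(REFERER_RULES), bot))
```

The second result is the case to watch for: an agent that sends no Referer passes straight through a chain that begins with `RewriteCond %{HTTP_REFERER} !^$`.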
Published: 2007-07-26 by stefvar, last modified: 2007-07-26 by stefvar (637 reads)